package com.lzh.financial.config;

import com.lzh.financial.handler.JwtAuthenticationTokenFilter;
import com.lzh.financial.handler.MyAccessDeniedHandler;
import com.lzh.financial.service.IUserService;
import com.lzh.financial.service.impl.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.BeanIds;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import javax.sql.DataSource;

/**
 * @author reborn0530
 * @date 2021/1/26 16:59
 */
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyAccessDeniedHandler accessDeniedHandler;
    @Autowired
    private UserDetailsServiceImpl userDetailsService;
    @Autowired
    private DataSource dataSource;
    @Autowired
    private PersistentTokenRepository persistentTokenRepository;
    @Autowired
    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;


     @Override
    protected void configure(HttpSecurity http) throws Exception {
        //跳转到我定义的页面
         http.formLogin()
                .loginPage("/login.html")
                 .usernameParameter("username").passwordParameter("password")
                //必须和接口名字一样才会去执行自定义登录逻辑
          .successForwardUrl("/toMain");

         http.authorizeRequests()
                //login.html为所有放行
                .antMatchers("/user/**","/toMain","/toIndex","/login","/toRegist","/regist").permitAll()
                 .antMatchers("/money/**").permitAll()
                .antMatchers("/error/*.html","/login.html","/regist.html","/people/**.html","/asserts/**").permitAll()
                //拦截 所有请求必须都要有认证才能访问
                .anyRequest().authenticated();
         http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        http.csrf().disable();
        http.logout().logoutSuccessUrl("/login.html");

       /* http.rememberMe().tokenRepository(persistentTokenRepository)
                //60s
                .tokenValiditySeconds(60)
                //自定义登录逻辑
                .userDetailsService(userDetailsService);*/
        //自定义权限不足
        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);
    }


  /*  @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/asserts/**,/images/**");
    }*/

    @Bean
    PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
    @Bean
    public PersistentTokenRepository persistentTokenRepository(){
//         存入数据库
        JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
        jdbcTokenRepository.setDataSource(dataSource);
        //只需要建一次，第二次注释掉
//        jdbcTokenRepository.setCreateTableOnStartup(true);
        return jdbcTokenRepository;
    }



    @Bean(name = BeanIds.AUTHENTICATION_MANAGER)
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

}
